4 files changed, 141 insertions, 0 deletions

diff --git a/cmd/sigsum-debug/key/hash/hash.go b/cmd/sigsum-debug/key/hash/hash.go
new file mode 100644
index 0000000..0431dfc
--- /dev/null
+++ b/cmd/sigsum-debug/key/hash/hash.go
@@ -0,0 +1,29 @@
+package hash
+
+import (
+	"fmt"
+	"strings"
+
+	"git.sigsum.org/sigsum-go/internal/fmtio"
+	"git.sigsum.org/sigsum-go/pkg/hex"
+	"git.sigsum.org/sigsum-go/pkg/types"
+)
+
+func Main(args []string) error {
+	if len(args) != 0 {
+		return fmt.Errorf("trailing arguments: %s", strings.Join(args, ", "))
+	}
+	s, err := fmtio.StringFromStdin()
+	if err != nil {
+		return fmt.Errorf("read stdin: %w", err)
+	}
+	pub, err := fmtio.PublicKeyFromHex(s)
+	if err != nil {
+		return fmt.Errorf("parse key: %w", err)
+	}
+
+	keyHash := types.HashFn(pub[:])
+
+	fmt.Printf("%s\n", hex.Serialize(keyHash[:]))
+	return nil
+}
diff --git a/cmd/sigsum-debug/key/key.go b/cmd/sigsum-debug/key/key.go
new file mode 100644
index 0000000..88973f2
--- /dev/null
+++ b/cmd/sigsum-debug/key/key.go
@@ -0,0 +1,51 @@
+package key
+
+import (
+	"flag"
+	"fmt"
+	"log"
+
+	"git.sigsum.org/sigsum-go/cmd/sigsum-debug/key/hash"
+	"git.sigsum.org/sigsum-go/cmd/sigsum-debug/key/private"
+	"git.sigsum.org/sigsum-go/cmd/sigsum-debug/key/public"
+	"git.sigsum.org/sigsum-go/internal/options"
+)
+
+const usage = `
+sigsum-debug key generates private keys, public keys, and key hashes.
+
+Usage:
+
+  sigsum-debug key help     Outputs a usage message
+  sigsum-debug key private  Outputs a new private key
+  sigsum-debug key public   Outputs a public key for a private key on stdin
+  sigsum-debug key hash     Outputs a key hash for a public key on stdin
+
+`
+
+func Main(args []string) error {
+	var err error
+
+	opt := options.New(args, func() { log.Printf(usage[1:]) }, func(_ *flag.FlagSet) {})
+	switch opt.Name() {
+	case "help":
+		opt.Usage()
+	case "private":
+		err = private.Main(opt.Args())
+	case "public":
+		err = public.Main(opt.Args())
+	case "hash":
+		err = hash.Main(opt.Args())
+	default:
+		err = fmt.Errorf("invalid command %q, try \"help\"", opt.Name())
+	}
+	if err != nil {
+		format := " %s: %w"
+		if len(opt.Name()) == 0 {
+			format = "%s: %w"
+		}
+		err = fmt.Errorf(format, opt.Name(), err)
+	}
+
+	return err
+}
diff --git a/cmd/sigsum-debug/key/private/private.go b/cmd/sigsum-debug/key/private/private.go
new file mode 100644
index 0000000..3928f56
--- /dev/null
+++ b/cmd/sigsum-debug/key/private/private.go
@@ -0,0 +1,29 @@
+package private
+
+import (
+	"crypto/ed25519"
+	"crypto/rand"
+	"fmt"
+	"strings"
+
+	"git.sigsum.org/sigsum-go/pkg/hex"
+)
+
+const privateKeySize = 64
+
+func Main(args []string) error {
+	if len(args) != 0 {
+		return fmt.Errorf("trailing arguments: %s", strings.Join(args, ", "))
+	}
+
+	_, priv, err := ed25519.GenerateKey(rand.Reader)
+	if err != nil {
+		return fmt.Errorf("generate key: %w", err)
+	}
+	if len(priv) != privateKeySize {
+		return fmt.Errorf("invalid key size %d", len(priv))
+	}
+
+	fmt.Printf("%s\n", hex.Serialize(priv[:]))
+	return nil
+}
diff --git a/cmd/sigsum-debug/key/public/public.go b/cmd/sigsum-debug/key/public/public.go
new file mode 100644
index 0000000..b03d0b9
--- /dev/null
+++ b/cmd/sigsum-debug/key/public/public.go
@@ -0,0 +1,32 @@
+package public
+
+import (
+	"crypto/ed25519"
+	"fmt"
+	"strings"
+
+	"git.sigsum.org/sigsum-go/internal/fmtio"
+	"git.sigsum.org/sigsum-go/pkg/hex"
+)
+
+func Main(args []string) error {
+	if len(args) != 0 {
+		return fmt.Errorf("trailing arguments: %s", strings.Join(args, ", "))
+	}
+	s, err := fmtio.StringFromStdin()
+	if err != nil {
+		return fmt.Errorf("read stdin: %w", err)
+	}
+
+	priv, err := fmtio.SignerFromHex(s)
+	if err != nil {
+		return fmt.Errorf("parse key: %w", err)
+	}
+	pub, ok := priv.Public().(ed25519.PublicKey)
+	if !ok {
+		return fmt.Errorf("not an ed25519 key")
+	}
+
+	fmt.Printf("%s\n", hex.Serialize(pub[:]))
+	return nil
+}